Setup guide

has been set for root. (Which of these appear as the value for passwd

depends upon how the root account was enabled.)

8. Type a single asterisk (“*”), replacing the current value of the passwd

property.

9. Click the lock icon in the lower left corner of the NetInfo Manager window

to re-lock the window.

10. When the Confirm Modification dialog box appears, select Update this

copy.

11. Quit the NetInfo Manager application.

There is a timeout value associated with the sudo command. This value indicates

the number of minutes until the sudo command prompts for a password again.

The default value is 5, which means that after issuing the sudo command and

entering the correct password, additional sudo commands can be entered for 5

minutes without re-entering the password. This value should be changed in the

/etc/sudoers file. For more information, see the sudo and sudoers man pages.

Also, the list of administrators allowed to use the sudo command should be limited

to only those administrators who require the ability to run commands as root.

To change the /etc/sudoers file:

1. Edit the /etc/sudoers file using the visudo command, which allows

/etc/sudoers to be edited safely. The command must be run as root, so

issue the following command:

sudo visudo

and enter the root password when prompted.

2. In the Defaults specification section of the file, add the following line:

Defaults timestamp_timeout=0

3. Restrict which administrators are allowed to run the sudo command by

removing the line that begins with %admin, and adding the following entry

for each user, substituting the user’s id for the word ‘user’:

user ALL=(ALL) ALL

Note that doing this will mean that any time a new administrator is added

to a system, that administrator must be added to the /etc/sudoers file

as described above if that administrator requires the ability to use the

sudo command.

4. Save and quit visudo.

UNCLASSIFIED